0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-12-29 15:24:43 +01:00
gitea/services/context
Kemal Zebari 7adc4717ec
Include file extension checks in attachment API (#32151)
From testing, I found that issue posters and users with repository write
access are able to edit attachment names in a way that circumvents the
instance-level file extension restrictions using the edit attachment
APIs. This snapshot adds checks for these endpoints.
2024-11-06 21:34:32 +00:00
..
upload Include file extension checks in attachment API (#32151) 2024-11-06 21:34:32 +00:00
access_log.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00
api.go Refactor RepoRefByType (#32413) 2024-11-05 06:35:54 +00:00
api_org.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00
api_test.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00
base.go Refactor names (#31405) 2024-06-19 06:32:45 +08:00
base_test.go Use strict protocol check when redirect (#29642) 2024-03-07 02:03:41 +00:00
captcha.go Refactor cache and disable go-chi cache (#30417) 2024-04-13 08:38:44 +00:00
context.go Refactor template ctx and render utils (#32422) 2024-11-05 14:04:26 +08:00
context_cookie.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00
context_model.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00
context_request.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00
context_response.go Refactor AppURL usage (#30885) 2024-05-07 08:26:13 +00:00
context_template.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00
context_test.go Refactor external URL detection (#29973) 2024-03-22 04:32:40 +08:00
csrf.go Refactor CSRF token (#32216) 2024-10-10 03:48:21 +00:00
org.go Refactor names (#31405) 2024-06-19 06:32:45 +08:00
package.go Refactor names (#31405) 2024-06-19 06:32:45 +08:00
pagination.go Remove AddParamIfExist(AddParam) (#29841) 2024-03-16 12:07:56 +00:00
permission.go Allow maintainers to view and edit files of private repos when "Allow maintainers to edit" is enabled (#32215) 2024-10-11 19:08:19 +00:00
private.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00
repo.go Refactor RepoRefByType (#32413) 2024-11-05 06:35:54 +00:00
response.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00
user.go Refactor names (#31405) 2024-06-19 06:32:45 +08:00
utils.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00
xsrf.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00
xsrf_test.go Move context from modules to services (#29440) 2024-02-27 08:12:22 +01:00